Store Dynatrace images in private registries - Kubernetes
You can store Dynatrace containers in private registries in Kubernetes environments using either a lightweight or an immutable OneAgent container image.
- The lightweight image consists of a OneAgent installer, which downloads necessary binaries from a Dynatrace cluster.
- The immutable image includes the binaries themselves, allowing for more control and thorough security scanning.
- Pull the OneAgent Operator image.
Example command:
docker pull docker.io/dynatrace/dynatrace-oneagent-operator:v<X.Y.Z>
Note: Be sure to replace <X.Y.Z>
with the latest OneAgent Operator version.
- Pull a specific immutable OneAgent image version.
Example command:
docker pull <YOUR_ENVIRONMENT_DOMAIN_NAME>/linux/oneagent:<x.y.z>
Note: Be sure to replace <YOUR_ENVIRONMENT_DOMAIN_NAME>
with your own environment domain name (the URL without https://
), and <x.y.z>
with your desired OneAgent version.
- Tag each image for your own registry.
Example command:
docker tag docker.io/dynatrace/dynatrace-oneagent-operator:v<X.Y.Z> <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-oneagent-operator:v<X.Y.Z>
docker tag <YOUR_ENVIRONMENT_DOMAIN_NAME>/linux/oneagent:<x.y.z> <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/oneagent:<x.y.z>
Note: Be sure to replace:
<X.Y.Z>
with the latest OneAgent Operator version.<YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>
with the OneAgent Operator address from your private registry.<YOUR_ENVIRONMENT_DOMAIN_NAME>
with your environment domain name (the URL withouthttps://
).<x.y.z>
with your desired OneAgent version.<YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>
with the OneAgent address from your private registry.
- Push both images to your own registry.
Example command:
docker push <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-oneagent-operator:v<X.Y.Z>
docker push <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/oneagent:<x.y.z>
Note: Be sure to replace <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>
, <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>
, <X.Y.Z>
, and <x.y.z>
with your own values.
- Download the latest
kubernetes.yaml
file from the Dynatrace GitHub repository.
wget https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/kubernetes.yaml
-
If your registries need authentication, update
imagePullSecrets
on different service accounts.
For more information on how Kubernetes handles security for pods, see Configure service accounts for pods. -
Deploy OneAgent Operator.
kubectl create namespace dynatrace
kubectl apply -f kubernetes.yaml
- Download the
cr.yaml
file for OneAgent custom resource.
wget https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/cr.yaml
- Open
cr.yaml
in a text editor and make the following changes:
- Change
useImmutableImage
totrue
. - Adapt other values according to the parameters section of the OneAgent Operator deployment page.
Note: When using the immutable image, fields such asproxy
,trustedCAs
, andskipCertCheck
are ignored. Kubernetes attempts to pull images straight from your registry. These network settings must be configured directly on the node.
- Deploy the OneAgent custom resource.
kubectl apply -f cr.yaml
- Pull the OneAgent Operator image.
Example command:
docker pull docker.io/dynatrace/dynatrace-oneagent-operator:v<X.Y.Z>
Note: Be sure to replace <X.Y.Z>
with the latest OneAgent Operator version.
- Pull the lightweight OneAgent image.
docker pull docker.io/dynatrace/oneagent
- Tag each image for your own registry.
Example command:
docker tag docker.io/dynatrace/dynatrace-oneagent-operator:v<X.Y.Z> <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-oneagent-operator:v<X.Y.Z>
docker tag docker.io/dynatrace/oneagent:latest <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/dynatrace-oneagent:latest
Note: Be sure to replace:
<X.Y.Z>
with the latest OneAgent Operator version.<YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>
with the OneAgent Operator address from your private registry.<YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>
with the OneAgent address from your private registry.
- Push both images to your own registry.
docker push <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>/dynatrace-oneagent-operator
docker push <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>/dynatrace-oneagent:latest
Note: Be sure to replace <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>
and
<YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>
with your own values.
- Download the
kubernetes.yaml
file from Dynatrace GitHub repository.
wget https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/kubernetes.yaml
-
Open
kubernetes.yaml
in a text editor and replace all image field instances withimage: <YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>
, making sure to replace<YOUR_PRIVATE_REGISTRY_OPERATOR_ADDRESS>
with your own value. -
If your registries need authentication, update
imagePullSecrets
on different service accounts.
For more information on how Kubernetes handles security for pods, see Configure service accounts for pods. -
Deploy OneAgent Operator.
kubectl create namespace dynatrace
kubectl apply -f kubernetes.yaml
- Download the
cr.yaml
file for OneAgent custom resource.
wget https://raw.githubusercontent.com/Dynatrace/dynatrace-oneagent-operator/master/deploy/cr.yaml
- Open
cr.yaml
in a text editor and make the following changes:
- Uncomment the image field.
Note: Be sure to maintain proper YAML indentation. - Replace the empty value of the image field (
image: ""
) withimage: <YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>
.
Note: Be sure to replace<YOUR_PRIVATE_REGISTRY_ONEAGENT_ADDRESS>
with your own value. - Adapt other values (
proxy
,apiUrl
, etc.) according to the parameters section of the OneAgent Operator deployment page.
- Deploy the OneAgent custom resource.
kubectl apply -f cr.yaml